Last week, my NetBSD NPF router got a new IP address via DHCP.
npfctl list showed many entries with the nat-addr:port with the old
address.
I did an npfctl reload and my NAT started working again.
Today it happened again.
"npfctl show" shows the current IP address in the map.
Part of my /etc/npf.conf follows:

$ext_if = "re1"
$int_if = "re0"
$ext_addrs = { ifaddrs($ext_if) }
$localnet = { 172.16.1.0/24 }

# Allow pings
alg "icmp"

# Perform IPv4 NAT
map inet4($ext_if) dynamic $localnet -> inet4($ext_if)

group "external" on $ext_if {
	# Allow all outbound traffic
	pass stateful out all
	# Block all incoming traffic
	block in all
}

group "internal" on $int_if {
	# Pass everything to internal networks,
	# should be ok, because we are nat'ed.
	pass final all
}

# default group is mandatory
group default {
	# Loopback interface should allow packets to traverse it.
	pass final on lo0 all
	# Block everything by default.
	block all
}

When the problem began my logs had:
Jan 16 18:28:24 t1 unbound: [210:0] error: event_add failed. in cpsl.
Jan 16 18:28:25 t1 syslogd[189]: last message repeated 2 times
Jan 16 18:28:25 t1 unbound: [210:0] error: could not event_del on close
Jan 16 18:28:25 t1 unbound: [210:0] error: event_add failed. in cpsl.
...
Jan 16 18:28:49 t1 unbound: [210:0] error: could not event_del on close
Jan 16 18:28:49 t1 unbound: [210:0] error: event_add failed. in cpsl.
Jan 16 18:28:50 t1 dhcpcd[152]: re1: probing for an IPv4LL address
Jan 16 18:28:50 t1 dhcpcd[152]: re1: using IPv4LL address 169.254.77.128
Jan 16 18:28:50 t1 dhcpcd[152]: re1: DHCP lease expired
Then it was offered a new IP, added route, changed default route.
I did a "sudo npfctl reload" to get NAT to work again.
How can I get it to automatically reload on external interface changes?
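
One way to automate the reload asked about above, as an added example that is not part of the original post: a dhcpcd exit hook that runs "npfctl reload" when re1 is given a different IPv4 address. It assumes dhcpcd runs its hook scripts and sources /etc/dhcpcd.exit-hook with $interface, $reason, $old_ip_address and $new_ip_address set; NPF_EXT_IF, npf_should_reload and the "npf-hook" log tag are names made up for this example.

```sh
# /etc/dhcpcd.exit-hook (assumed location; sourced by dhcpcd-run-hooks)
# Added example: reload NPF when the external interface gets a new address,
# so the dynamic NAT map stops using the previous lease's address.

NPF_EXT_IF="re1"    # same interface as $ext_if in /etc/npf.conf

# Return 0 when a dhcpcd event means the IPv4 address on NPF_EXT_IF changed.
# Arguments: interface, reason, old address, new address
npf_should_reload() {
    # Ignore events for any other interface.
    [ "$1" = "$NPF_EXT_IF" ] || return 1

    # Only reasons that leave an address configured on the interface.
    case "$2" in
        BOUND|RENEW|REBIND|REBOOT|IPV4LL|STATIC) ;;
        *) return 1 ;;
    esac

    # Nothing to do without a new address.
    [ -n "$4" ] || return 1

    # A renewal of the same lease keeps the address: no reload needed.
    [ "$3" != "$4" ]
}

if npf_should_reload "${interface:-}" "${reason:-}" \
        "${old_ip_address:-}" "${new_ip_address:-}"; then
    # Same command the post runs by hand after each address change.
    if npfctl reload; then
        logger -t npf-hook "reloaded NPF: $interface is now $new_ip_address"
    else
        logger -t npf-hook "npfctl reload failed on $interface ($reason)"
    fi
fi
```

With the sequence in the log above, the hook would fire once for the IPv4LL address and again when the new lease is bound.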